
Azure NSG - Filter certain IPs from input csv

I am using PowerShell to create Azure NSGs which will use input from a .csv file with security rules. I am using the script below.

# Fetch the existing NSG that the rules will be added to
$NSG = Get-AzureRmNetworkSecurityGroup -Name test -ResourceGroupName RG-VM-QTY

# Add one Allow rule per CSV row (the trailing backticks continue the command on the next line)
foreach($rule in import-csv "SystemPath\inputfile.csv") 
{ 
$NSG | Add-AzureRmNetworkSecurityRuleConfig -Name $rule.name -Access Allow -Protocol $rule.protocol -Direction $rule.direction -Priority $rule.priority `
-SourceAddressPrefix $rule.source -SourcePortRange * `
-DestinationAddressPrefix $rule.destination -DestinationPortRange $rule.port 
}

# Commit the updated rule set to Azure
$NSG | Set-AzureRmNetworkSecurityGroup

Wanted to check if there is a way to restrict a particular IP, let's say 127.0.0.1, from being added as source or destination in any of the rules. Is there any check that I can put to avoid creating the NSG altogether if the IP 127.0.0.1 is present in the .csv?

Thanks in advance, guys! Cheers.

Here is the modified PowerShell script with a simple if condition added to check that SourceAddressPrefix and DestinationAddressPrefix should not be exactly 127.0.0.1:

$NSG = Get-AzureRmNetworkSecurityGroup -Name test -ResourceGroupName RG-VM-QTY 

foreach($rule in import-csv "SystemPath\inputfile.csv") 
{
   # additional if condition to check that source or destination address prefix should not be 127.0.0.1
   # (the CSV columns are named source and destination, the same ones passed to the cmdlet below)
   if($rule.source -ne "127.0.0.1" -And $rule.destination -ne "127.0.0.1")
   { 
          $NSG | Add-AzureRmNetworkSecurityRuleConfig -Name $rule.name -Access Allow -Protocol $rule.protocol -Direction $rule.direction -Priority $rule.priority `
             -SourceAddressPrefix $rule.source -SourcePortRange * -DestinationAddressPrefix $rule.destination -DestinationPortRange $rule.port 
   }
} 

$NSG | Set-AzureRmNetworkSecurityGroup

Your condition right now is very simple, to check for 127.0.0.1, so an if condition should be good enough.

In case you get to a more complicated logic, consider creating a separate function, say something like ValidateRule(), that can encapsulate all conditions, and call that function to check whether or not the rule should be added.
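A validation pass in the spirit of the ValidateRule() suggestion, written as an added example that is not part of the original question or answer: it checks every row before the NSG is touched, flags CIDR prefixes that cover a blocked address (not only an exact 127.0.0.1 string), and adds nothing if any row fails. The function names, the `$BlockedIps` list and the sample rows are assumptions; the column names follow the scripts above.

```powershell
# Added example; function names, blocked list and sample rows are assumptions.
$BlockedIps = @('127.0.0.1')

function ConvertTo-IPv4Number([System.Net.IPAddress]$Address) {
    $b = $Address.GetAddressBytes()
    [double]$b[0] * 16777216 + $b[1] * 65536 + $b[2] * 256 + $b[3]
}

function Test-PrefixContainsIp([string]$Prefix, [string]$Ip) {
    $addr, $len = $Prefix.Trim() -split '/', 2
    $net = $null
    # '*' and service tags such as 'VirtualNetwork' are not literal IPv4 values: no match.
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$net)) { return $false }
    if ($net.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    if (-not $len) { $len = '32' }   # a bare address is a /32
    # Fail closed on a malformed prefix length instead of letting the row through.
    if ($len -notmatch '^(3[0-2]|[12]?\d)$') { throw "Malformed prefix '$Prefix'" }
    $size = [math]::Pow(2, 32 - [int]$len)   # number of addresses the prefix covers
    $target = ConvertTo-IPv4Number ([System.Net.IPAddress]::Parse($Ip))
    [math]::Floor((ConvertTo-IPv4Number $net) / $size) -eq [math]::Floor($target / $size)
}

function Get-RuleViolation($Rules) {
    foreach ($rule in $Rules) {
        foreach ($field in 'source', 'destination') {
            $value = $rule.$field
            foreach ($ip in $BlockedIps) {
                if (Test-PrefixContainsIp $value $ip) {
                    "Rule '$($rule.name)': $field '$value' covers blocked IP $ip"
                }
            }
        }
    }
}

# Constructed sample rows standing in for Import-Csv "SystemPath\inputfile.csv".
$rules = @'
name,protocol,direction,priority,source,destination,port
web,Tcp,Inbound,100,10.0.0.0/24,10.0.1.4,443
loop,Tcp,Inbound,110,127.0.0.0/8,10.0.1.4,22
'@ | ConvertFrom-Csv

$violations = @(Get-RuleViolation $rules)
if ($violations.Count -gt 0) {
    $violations | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Blocked IP found: no rules added, NSG left unchanged.'
} else {
    # Safe to run the Add-AzureRmNetworkSecurityRuleConfig loop and Set-AzureRmNetworkSecurityGroup.
}
```

With the sample rows, the `loop` rule is reported because 127.0.0.0/8 contains 127.0.0.1, which an exact string comparison would let through.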
